SDN Controllers - A Use Case Driven Approach to the Options
Paul Cernick and Chad Peterson

Contributors and Acknowledgements
• Lukas Krattiger • Leo Boulton • David Jansen
• Victor Moreno • Vaughn Suazo • Kevin Corbin
• Yves Louis • Dave Malik • Babi Seal
• Brenden Buresh • Lilian Quan • James Christopher
• Jason Gmitter • Mike Herbert • Jim Pisano
• Chad Hintz • Juan Lage • Matt Smorto
• Errol Roberts • Jason Pfiefer • Giles Heron
• Cesar Obediente • Lilian Quan • Brendan Kelly

Agenda
• Why SDN Controllers
• Foundational Technical Requirements
• Use Cases and Cisco’s Solutions
• Conclusion and Questions

Paul Cernick
• Technical Solutions Architect
• Global Service Provider Architecture
• CCIE 5383 – R&S + SP

Chad Peterson
• Data Centre Consulting Systems Engineer
• US Commercial - Central
• CCIE 23213 – R&S + DC

Why Did we Create this Session?

Warning!
Vast amount of technologies
Not everything will be relevant to you…today

Evolution of Network Configuration: 1990s vs Today
1990s (IOS):
hq>enable
hq# config terminal
hq(config)# interface fastethernet 1/1
hq(config-if)# ip address 1.1.1.1 255.255.255.0
hq(config-if)# no shutdown
hq(config-if)# exit
hq(config)# router eigrp
hq(config-router)# network 1.1.1.0
hq(config-router)# exit
hq(config)# exit
hq# copy run start

Today (NX-OS):
NEXUS>enable
NEXUS# config terminal
NEXUS(config)# feature eigrp
NEXUS(config)# router eigrp Test1
NEXUS(config)# interface ethernet 1/1
NEXUS(config-if)# no switchport
NEXUS(config-if)# ip address 1.1.1.1 255.255.255.0
NEXUS(config-if)# ip router eigrp Test1
NEXUS(config-if)# no shutdown
NEXUS(config-if)# end
NEXUS# copy run start

Need More than Centralised Management
Relationships

Need More than Centralised Management

SDN Use Cases
• Network Function Virtualization
• Network Abstraction
• Traffic Engineering

SDN Use Cases and Cisco’s Solutions
• Network Function Virtualization – Virtual Topology System (VTS)
• Network Abstraction – Application Centric Infrastructure (ACI)
• Traffic Engineering – Open SDN Controller (OSC)

Foundational Technologies: VXLAN

DC Fabric Journey
Layer 2: Spanning Tree Protocol → Virtual Port-Channel → FabricPath
Layer 3: Virtual Extensible LAN (VXLAN)

(Diagram: Layer 3 underlay with five VTEPs; VXLAN segments 44517 and 32145; each VTEP bridges a local LAN segment / virtual switch onto a VXLAN segment)
VXLAN Tunnel Encapsulation

Outer MAC Header (10 or 14 Bytes) | Outer IP Header (20 Bytes) | UDP Header (8 Bytes) | VXLAN Header (8 Bytes) | Original L2 Frame | FCS

Field widths in bits, as drawn on the slide:
Outer MAC Header: Dst MAC Addr (48) | Src MAC Addr (48) | VLAN Type 0x8100 (16) | VLAN ID Tag (16) | Ether Type 0x0800 (16)
Outer IP Header: IP Header Misc Data (72) | Protocol 0x11 (8) | Header Checksum (16) | Outer Src IP (32) | Outer Dst IP (32)
UDP Header: UDP Src Port (16) | VXLAN Port (16) | UDP Length (16) | Checksum 0x0000 (16)
VXLAN Header: VXLAN RRRR1RRR (8) | Reserved (24) | VNID (24) | Reserved (8)
• VNID: 24 bits, 16 million segments
• VTEP IPs: the outer IP header carries the source and destination VTEP addresses

VXLAN Problems
• Layer 3 underlay with no peer authentication: the receiving VTEP has no built-in way to tell a legitimate VTEP from any other host that sends it a VXLAN-encapsulated frame
• Flood & Learn: unknown unicast, broadcast and multicast are flooded to every VTEP in the segment, and MAC-to-VTEP mappings are learned from the data plane

(Diagram: VXLAN segments 44517 and 32145 across five VTEPs on a Layer 3 underlay, each fronting a local LAN segment / virtual switch)
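The encapsulation laid out above, built and parsed in Python, as an added example that is not part of the presentation. It covers both the header layout (the same field widths and constants) and the two problems just listed: the decapsulation side applies a receive-side allow-list of VTEPs and their VNI memberships, which is the check a control-plane-driven fabric has and a bare flood-and-learn deployment lacks. All addresses, the inner frame and the allow-list are constructed for illustration; the VNIs 44517 and 32145 are only the segment numbers drawn on the slide.

```python
# Added example (not from the presentation): build and parse the VXLAN
# encapsulation laid out above, and apply a receive-side check that addresses
# the "no peer-auth" problem. Addresses, VNIs and the allow-list are
# constructed for illustration; the VNIs 44517 and 32145 are the segment
# numbers drawn on the slide.
import ipaddress
import struct

VXLAN_UDP_PORT = 4789       # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08         # the "1" bit in RRRR1RRR: the VNID field is valid
OVERHEAD = 14 + 20 + 8 + 8  # outer MAC + outer IP + UDP + VXLAN headers


def _ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def vxlan_encapsulate(vni, inner_frame, src_mac, dst_mac, src_vtep, dst_vtep, src_port=49152):
    """Outer MAC (14 B) + outer IP (20 B) + UDP (8 B) + VXLAN (8 B) + original L2 frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNID is a 24-bit field")
    # flags(8) | reserved(24) | VNID(24) | reserved(8)
    vxlan_hdr = struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    # UDP checksum 0x0000, as the slide's layout shows
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    src = ipaddress.IPv4Address(src_vtep).packed
    dst = ipaddress.IPv4Address(dst_vtep).packed
    # version/IHL, TOS, total length, ID, flags/frag, TTL, protocol 0x11 (UDP), checksum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", _ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = struct.pack("!6s6sH", _mac(dst_mac), _mac(src_mac), 0x0800)
    return eth_hdr + ip_hdr + udp_hdr + vxlan_hdr + inner_frame


def vxlan_decapsulate(packet, vtep_policy):
    """Parse an encapsulated packet and return (vni, src_vtep, inner_frame).

    vtep_policy maps each trusted source VTEP address to the set of VNIs it is a
    member of. The underlay authenticates nothing, so this allow-list (in a
    BGP EVPN fabric: the VTEPs and VNI memberships learned from the control
    plane) is the receiver's only defence against injected frames. Anything
    else raises ValueError, i.e. the frame is dropped.
    """
    if len(packet) < OVERHEAD:
        raise ValueError("truncated packet")
    _, _, ethertype = struct.unpack("!6s6sH", packet[:14])
    if ethertype != 0x0800:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    ip_hdr = packet[14:14 + ihl]
    if _ip_checksum(ip_hdr) != 0:
        raise ValueError("bad outer IP checksum")
    if ip_hdr[9] != 17:
        raise ValueError("outer packet is not UDP")
    src_vtep = str(ipaddress.IPv4Address(ip_hdr[12:16]))
    udp_start = 14 + ihl
    _, dport, udp_len, _ = struct.unpack("!HHHH", packet[udp_start:udp_start + 8])
    if dport != VXLAN_UDP_PORT or udp_start + udp_len > len(packet):
        raise ValueError("not a well-formed VXLAN datagram")
    flags, _, vni_field = struct.unpack("!B3sI", packet[udp_start + 8:udp_start + 16])
    if not flags & VXLAN_FLAG_I or vni_field & 0xFF:
        raise ValueError("malformed VXLAN header")
    vni = vni_field >> 8
    inner = packet[udp_start + 16:udp_start + udp_len]
    allowed = vtep_policy.get(src_vtep)
    if allowed is None:
        raise ValueError(f"frame from unknown VTEP {src_vtep} dropped")
    if vni not in allowed:
        raise ValueError(f"VTEP {src_vtep} is not a member of VNI {vni}")
    return vni, src_vtep, inner


# Constructed sample: an inner Ethernet frame and a fabric of three VTEPs.
INNER_FRAME = bytes.fromhex("aaaaaaaaaaaa" "bbbbbbbbbbbb" "0800") + b"inner payload"
VTEP_POLICY = {"10.0.0.1": {44517, 32145}, "10.0.0.2": {44517}, "10.0.0.3": {44517, 32145}}


def demo():
    """Encapsulate on VTEP 10.0.0.1, decapsulate on 10.0.0.3; returns (vni, src, inner)."""
    pkt = vxlan_encapsulate(44517, INNER_FRAME, "00:11:22:33:44:55", "66:77:88:99:aa:bb",
                            "10.0.0.1", "10.0.0.3")
    assert len(pkt) == len(INNER_FRAME) + OVERHEAD  # VXLAN adds 50 bytes of overhead
    return vxlan_decapsulate(pkt, VTEP_POLICY)
```

The 50 bytes of overhead counted in `demo()` are why the underlay MTU has to be raised for VXLAN; the allow-list in `vxlan_decapsulate()` stands in for what the BGP EVPN control plane on the following slides gives a real VTEP.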
VXLAN with BGP EVPN
(Diagram: the same fabric with BGP route reflectors (RR) on the spine; MP-BGP EVPN distributes MAC/IP reachability between VTEPs instead of flood and learn)

SDN Journey
• Controller
• OpenFlow allows direct access to the forwarding plane of network switched devices.
• NSO (Cisco Network Services Orchestrator)
(Diagram: Layer 3 fabric with VXLAN segments 44517 and 32145, VTEPs and virtual switches, with a controller on top exposing APIs)

API
Application Programming Interface

APIs – Why We Care
Collect list of used VLANs

RESTful APIs
• Well Understood
• HTTP or HTTPS
• GET, PUT, POST, and DELETE
• Easy to Develop Against
• Client / Server
• Versioned
• Response in HTML, JSON / XML

API – Collect Information: Collect List of Used VLANs
POST: http://10.10.10.10/ins/
{
  "ins_api": {
    "version": "1.0",
    "type": "cli_show",
    "chunk": "0",
    "sid": "1",
    "input": "show vlan",
    "output_format": "json"
  }
}

API – Collect Information: Collect List of Used VLANs (response)
{
  "ins_api": {
    …
    "body": {
      "TABLE_vlanbrief": {
        "ROW_vlanbrief": [
          {
            "vlanshowbr-vlanid": "16777216",
            "vlanshowbr-vlanid-utf": "1",
            "vlanshowbr-vlanname": "default",
            …
          },
          {
            "vlanshowbr-vlanid": "1694498816",
            "vlanshowbr-vlanid-utf": "101",
            "vlanshowbr-vlanname": "n1k-l3",
            …
          },
          …

List VLANs (from the response):
1 - default
101 - n1k-l3
123 - VLAN0123
300 - 1k-vtep
999 - VLAN0999
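The request and response above, worked through in Python as an added example that is not part of the presentation: it builds the same cli_show body, then parses a reply into the list of used VLANs. The switch address, credentials and the `requests` call in `send_show_vlan()` are illustrative assumptions (the function is never called at import time), and `SAMPLE_RESPONSE` is a constructed reply that carries the fields the slide shows under a nesting ("outputs"/"output") the slide elides.

```python
# Added example (not from the presentation): build the NX-API "show vlan"
# request shown above and turn the JSON reply into the list of used VLANs.
# The switch address, credentials and the `requests` call in send_show_vlan()
# are illustrative assumptions and the function is not called at import time;
# SAMPLE_RESPONSE is a constructed reply modelled on the fields the slide shows.
import json


def build_show_vlan_request(sid="1"):
    """The cli_show body from the slide; NX-API expects every value as a string."""
    return {"ins_api": {"version": "1.0", "type": "cli_show", "chunk": "0", "sid": sid,
                        "input": "show vlan", "output_format": "json"}}


def send_show_vlan(switch, username, password, verify=True):
    """POST the request over HTTPS with certificate verification (the slide uses
    plain http://, which carries the credentials and the config in clear text)."""
    import requests  # assumed available; the parsing below needs only the stdlib
    url = f"https://{switch}/ins"
    resp = requests.post(url, json=build_show_vlan_request(), auth=(username, password),
                         headers={"content-type": "application/json"}, verify=verify, timeout=10)
    resp.raise_for_status()
    return resp.json()


def _find_key(obj, key):
    """Depth-first search for `key` anywhere in the reply, so the parser does not
    depend on the exact nesting above "body" (which the slide elides)."""
    if isinstance(obj, dict):
        if key in obj:
            return obj[key]
        for value in obj.values():
            found = _find_key(value, key)
            if found is not None:
                return found
    elif isinstance(obj, list):
        for item in obj:
            found = _find_key(item, key)
            if found is not None:
                return found
    return None


def parse_vlan_list(response):
    """Return [(vlan_id, name), ...] from an NX-API show vlan reply.

    NX-API returns ROW_vlanbrief as a list when there are several VLANs and as a
    single dict when there is only one, so both shapes are handled. The
    "vlanshowbr-vlanid-utf" field carries the VLAN number; the raw
    "vlanshowbr-vlanid" is that number shifted left by 24 bits (16777216 is
    1 << 24 in the slide's output), which is checked here as a sanity test.
    """
    table = _find_key(response, "TABLE_vlanbrief")
    if table is None:
        raise ValueError("reply carries no TABLE_vlanbrief")
    rows = table.get("ROW_vlanbrief", [])
    if isinstance(rows, dict):
        rows = [rows]
    vlans = []
    for row in rows:
        vlan_id = int(row["vlanshowbr-vlanid-utf"])
        raw = int(row["vlanshowbr-vlanid"])
        if raw != vlan_id << 24:
            raise ValueError(f"inconsistent VLAN id fields: {raw} vs {vlan_id}")
        vlans.append((vlan_id, row["vlanshowbr-vlanname"]))
    return vlans


def used_vlan_ids(response):
    """The 'collect list of used VLANs' result as a set of VLAN numbers."""
    return {vlan_id for vlan_id, _ in parse_vlan_list(response)}


def _row(vlan_id, name):
    return {"vlanshowbr-vlanid": str(vlan_id << 24), "vlanshowbr-vlanid-utf": str(vlan_id),
            "vlanshowbr-vlanname": name}


# Constructed reply with the five VLANs listed on the slide.
SAMPLE_RESPONSE = {"ins_api": {"type": "cli_show", "version": "1.0", "sid": "1", "outputs": {"output": {
    "input": "show vlan", "msg": "Success", "code": "200",
    "body": {"TABLE_vlanbrief": {"ROW_vlanbrief": [
        _row(1, "default"), _row(101, "n1k-l3"), _row(123, "VLAN0123"),
        _row(300, "1k-vtep"), _row(999, "VLAN0999")]}}}}}}

# Constructed single-VLAN reply: NX-API collapses the list to a dict.
SINGLE_ROW_RESPONSE = {"ins_api": {"outputs": {"output": {"body": {
    "TABLE_vlanbrief": {"ROW_vlanbrief": _row(1, "default")}}}}}}

if __name__ == "__main__":
    print(json.dumps(build_show_vlan_request(), indent=2))
    print(parse_vlan_list(SAMPLE_RESPONSE))
```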
SDN Resets Business Opportunities
• New architecture with separate control and data planes
• Open programmable networks and APIs
• Open protocols
• New business models and revenue opportunities
• Efficiency in both capital and operational expenses
(Diagram: SDN Platform with APIs on top of the physical network; Security, Load Balancing, Applications and Other Services built on the APIs)

VTS Use Case – Network Function Virtualisation

High Level Virtual Topology System (VTS) Use Case
(Diagram: Customer Prem CPE – Metro and Access – SP Core – Metro and Access – Customer Prem CPE; the Internet is reached through virtualised services, vFW and vWAAS, in the SP Core)

NFV Use Case
• Admin Tools, Customer Portal and OSS/BSS reach the platform through a REST API
• Orchestration & Controllers Layer: NSO, VTS vCenter plug-in, VTS OpenStack
• Virtual Overlay Networking Layer: BGP-EVPN; MPLS VPN network; VPN PE & VXLAN gateway; Nexus 9300 (ToR) with VXLAN and VLANs to the hosts
• Virtual Infrastructure, VNF & PNF Layer: PNF1, PNF2, OVS, dVS, VNF1, VNF2

Cisco Virtual Topology System (VTS)
Overlay Provisioning and Management System
• Northbound: Cisco Network Services Orchestrator (Tail-f), VMware vCenter, GUI, REST API
• Themes: Flexible Overlays, Scalable VXLAN Mgmt, Open and Programmable
• Features: Automated Physical and Virtual Overlays; Seamless Integration with Orchestrators; Bare-metal and Virtualized Workloads; Automated Overlay Provisioning; Service Chaining; Automated DCI/WAN Integration; REST-Based Northbound APIs; MP-BGP EVPN Control Plane; Multi-protocol Support; Virtual Tenant Networks; Multi-hypervisor Support; High Performance Virtual Forwarding
• Southbound: YANG, CLI, NX-API, BGP-EVPN
• Nexus Portfolio: Nexus 2k – 9k

VTS Architecture
• Northbound: Cisco Network Services Orchestrator (Tail-f), VMware vCenter, GUI
• Unified Information Model (REST API)
• Virtual Topology System: Policy Plane (Service and Infrastructure Policy, Inventory Database), Resource Management, Control Plane (IOS XRv), Device Management
• Southbound: YANG, CLI, NX-API, BGP-EVPN
• Virtual Compute Environment: OVS, VTF, DVS
• Physical: Cisco Nexus 2000, 3000, 5000 and 7000 Series; Cisco Nexus 9000 Series; Cisco ASR 9000 Series

VTS Architecture – Service Provider Oriented Architecture
• Northbound: 3rd Party VM Manager, Cisco NSO, vCenter, GUI → REST API → Virtual Topology System (VTS)
• Fabric: spine with BGP EVPN route reflectors (RR); border leaf to WAN / Internet and DCI (IP / MPLS WAN); leaf switches; 3rd Party Cloud
• Virtual: OVS / dVS and VTF (RESTCONF/YANG); physical and virtual integrated

Overlay Provisioning Use Case
• Layer-2 / Layer-3 VXLAN configuration using MP-BGP EVPN control-plane
• Allocate and manage resources
• Support for physical and virtual end-hosts
• End-to-end automation
• OpenStack and vCenter integration
VTS Architecture (deployment view)
• Cisco VTS: Policy Plane (Service and Infrastructure Policy, Inventory Database), Resource Management, Control Plane (IOS XRv), Device Management; REST API northbound, NX-API, CLI and YANG southbound
• Fabric: DCI via Border Leaf VTEPs; Spines; ToR VTEPs; VMware vCenter managing hypervisors on x86 servers with VMs

VTS – OpenStack Workflow
1 Create Tenant and Tenant Networks
2 Tenant and Tenant Networks created
3 VNID assigned for each network
4 Attach VM to Network
5 VM host info captured by VTS vSwitch and mapped to the right ToR & ToR port using the topology database
6 VTS provisions VTEP, VLAN for each VTEP and EVPN on ToR/VTF
7 Neutron agent modified to request VLAN information from VTS before programming
8 Create router and attach interfaces to tenant networks

Configuration pushed to the ToR VTEP (step 6):
vlan 1,1700-711,2000
vlan 1706
  vn-segment 46006
evpn
  vni 46006 l2
    rd auto
    route-target import auto
    route-target export auto
interface nve1
  no shutdown
  source-interface loopback0
  host-reachability protocol bgp
  member vni 46006
    mcast-group 224.1.1.1
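The workflow above, modelled in Python as an added example that is not VTS code: a tenant network gets one fabric-wide VNID (step 3), each ToR that hosts a VM on that network allocates a locally significant VLAN from its own pool (steps 5 to 7), and the per-network ToR configuration is rendered in the shape the slide shows (step 6). The VLAN pool 1700-1711, the starting VNID 46006 and the multicast group 224.1.1.1 are taken from the slide's fragment; the ToR names, server names and topology database are constructed.

```python
# Added example (not VTS code): a per-ToR VLAN allocator for the OpenStack
# workflow above. A tenant network gets one global VNID; each ToR/VTEP that
# hosts a VM on that network gets a locally significant VLAN from its own pool,
# and the ToR configuration is rendered in the shape the slide shows.
# Assumed values: the VLAN pool 1700-1711, VNID 46006 and multicast group
# 224.1.1.1 come from the slide's fragment; the topology database is constructed.
from dataclasses import dataclass, field


@dataclass
class TorVtep:
    name: str
    vlan_pool: range
    vlan_by_vni: dict = field(default_factory=dict)

    def vlan_for(self, vni):
        """Reuse the VLAN already bound to this VNID on this ToR, else take the lowest free one."""
        if vni in self.vlan_by_vni:
            return self.vlan_by_vni[vni]
        in_use = set(self.vlan_by_vni.values())
        for vlan in self.vlan_pool:
            if vlan not in in_use:
                self.vlan_by_vni[vni] = vlan
                return vlan
        raise RuntimeError(f"{self.name}: VLAN pool exhausted")


class Vts:
    """Minimal model of the VTS resource management shown in the workflow."""

    def __init__(self, tors, topology, first_vni=46006):
        self.tors = {t.name: t for t in tors}
        self.topology = topology  # server -> (ToR, ToR port): step 5's topology database
        self.vni_by_network = {}
        self.next_vni = first_vni

    def create_network(self, name):
        """Steps 1-3: a tenant network is created and a VNID is assigned to it."""
        if name not in self.vni_by_network:
            self.vni_by_network[name] = self.next_vni
            self.next_vni += 1
        return self.vni_by_network[name]

    def attach_vm(self, network, server):
        """Steps 4-7: map the VM's server to its ToR/port, allocate the ToR-local
        VLAN for the network's VNID and return what the Neutron agent asks for."""
        vni = self.vni_by_network[network]
        tor_name, tor_port = self.topology[server]
        vlan = self.tors[tor_name].vlan_for(vni)
        return {"tor": tor_name, "port": tor_port, "vlan": vlan, "vni": vni}


def render_vtep_config(vlan, vni, mcast_group="224.1.1.1"):
    """Step 6: the per-network NX-OS snippet VTS pushes to the ToR VTEP."""
    return "\n".join([
        f"vlan {vlan}",
        f"  vn-segment {vni}",
        "evpn",
        f"  vni {vni} l2",
        "    rd auto",
        "    route-target import auto",
        "    route-target export auto",
        "interface nve1",
        "  no shutdown",
        "  source-interface loopback0",
        "  host-reachability protocol bgp",
        f"  member vni {vni}",
        f"    mcast-group {mcast_group}",
    ])


def build_demo():
    """Two ToRs, three servers, two tenant networks; returns (vts, attachments made)."""
    tors = [TorVtep("tor1", range(1700, 1712)), TorVtep("tor2", range(1700, 1712))]
    topology = {"srv-a": ("tor1", "Ethernet1/1"), "srv-b": ("tor2", "Ethernet1/1"),
                "srv-c": ("tor1", "Ethernet1/2")}
    vts = Vts(tors, topology)
    vts.create_network("tenant-web")
    vts.create_network("tenant-db")
    return vts, [vts.attach_vm("tenant-web", "srv-a"),
                 vts.attach_vm("tenant-web", "srv-b"),
                 vts.attach_vm("tenant-db", "srv-c"),
                 vts.attach_vm("tenant-web", "srv-c")]
```

The point the model makes is the one step 7 relies on: the same VNID maps to VLAN 1700 on both ToRs, because VLANs are only significant on the ToR that allocated them, while the VNID is what the EVPN control plane carries fabric-wide.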
ACI Use Case – WordPress as a Service

What is WordPress?
• Open-source content management system
• Originally a blogging platform, now a wider scope
• 23% of the top 10 million websites are powered by WordPress

WPaaS Components and Requirements
• 3 types of servers – both BM and VM
• Internal management L3 network
• User L3 network
• SSH access on all servers
• All communication should be as restrictive as possible – only allow what must be allowed

Traditional Implementation
vlan 100
  name db
vlan 200
  name phpMyAdmin
vlan 300
  name WordPress
vlan 400
  name Mgmt
vlan 500
  name Outside

interface vlan100
  description Internal Database L3
  hsrp version 2
  hsrp 100
    ip 192.168.100.1
  ip address 192.168.100.2/24
  ip access-group db-provide out

interface vlan200
  description external phpMyAdmin L3
  hsrp version 2
  hsrp 200
    ip 192.168.200.1
  ip address 192.168.200.2/24
  ip access-group phpMyAdmin-provide out

interface vlan300
  description WordPress L3
  hsrp version 2
  hsrp 300
    ip 192.168.250.1
  ip address 192.168.250.2/24
  ip access-group WordPress-provide out

interface vlan400
  ip address 192.168.40.1/24

interface vlan500
  ip address 192.168.50.1/24

ip access-list db-provide
  permit tcp 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 3306
  permit tcp 192.168.250.0 0.0.0.255 192.168.100.0 0.0.0.255 3306
  permit tcp 192.168.40.0 0.0.0.255 192.168.100.0 0.0.0.255 22

ip access-list phpMyAdmin-provide
  permit tcp 192.168.40.0 0.0.0.255 192.168.200.0 0.0.0.255 80
  permit tcp 192.168.40.0 0.0.0.255 192.168.200.0 0.0.0.255 22

ip access-list WordPress-provide
  permit tcp 192.168.40.0 0.0.0.255 192.168.250.0 0.0.0.255 22
  deny ip 192.168.100.0 0.0.0.255 192.168.250.0 0.0.0.255
  deny ip 192.168.200.0 0.0.0.255 192.168.250.0 0.0.0.255
  permit tcp 0.0.0.0 255.255.255.255 192.168.250.0 0.0.0.255 8000
ACI
• Nexus 9000
• APIC
• Policy Model

The Hardware: Nexus 9500, Nexus 9300, APIC
The Fabric: Spine / Leaf

ACI – Network Abstraction

ACI – Abstraction
• Everything in ACI is represented in the Management Information Tree
• All objects have relationships between each other
• Hardware is configured based upon these relationships

ACI MIT – Tenant Model

ACI – Abstraction (WPaaS policy)
• EPGs: admin (phpMyAdmin), db (MySQL), wp (WordPress)
• External EPGs: MGMT and Outside
• Contracts: Permit 80, Permit 22 and Permit 8000 between MGMT / Outside and the application EPGs; Permit 3306 into db
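The requirement "only allow what must be allowed", the traditional ACLs and the EPG/contract picture above, brought together in Python as an added example that is not APIC code. A small policy object holds contracts with their filters and the EPGs that provide or consume them, evaluates a flow with default deny, lists the resulting whitelist for audit, and emits the consumer/provider relations in the shape of the fvAp JSON on the later slide. The contract name "mysql" is the one the slide's JSON shows; the other contract names, and the reading of which EPG provides or consumes which contract, are this example's own, derived from the db-provide, phpMyAdmin-provide and WordPress-provide ACLs above.

```python
# Added example (not APIC code): the WPaaS policy above expressed as EPGs and
# contracts, with a default-deny evaluator and a function that emits the
# consumer/provider relations in the shape of the fvAp JSON on the slide.
# The contract names other than "mysql", and which EPG provides or consumes
# which contract, are this example's reading of the slide and of the
# traditional ACLs (db-provide, phpMyAdmin-provide, WordPress-provide).
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Filter:
    protocol: str
    port: int


@dataclass
class Contract:
    name: str
    filters: frozenset
    providers: set = field(default_factory=set)  # EPGs that offer the service
    consumers: set = field(default_factory=set)  # EPGs allowed to reach it


class TenantPolicy:
    def __init__(self):
        self.contracts = {}

    def contract(self, name, *filters):
        self.contracts[name] = Contract(name, frozenset(filters))
        return self.contracts[name]

    def provide(self, epg, name):
        self.contracts[name].providers.add(epg)

    def consume(self, epg, name):
        self.contracts[name].consumers.add(epg)

    def permitted(self, src_epg, dst_epg, protocol, port):
        """The fabric forwards only what a contract between the two EPGs permits.
        Consumer-to-provider direction is modelled here; ACI also admits the reply
        traffic when the contract subject applies both directions. Everything
        else, including traffic covered by no contract, is dropped."""
        return any(src_epg in c.consumers and dst_epg in c.providers
                   and Filter(protocol, port) in c.filters
                   for c in self.contracts.values())

    def relations_json(self, epg):
        """fvRsCons / fvRsProv children for an EPG, as in the slide's fvAEPg object."""
        children = []
        for c in self.contracts.values():
            if epg in c.consumers:
                children.append({"fvRsCons": {"attributes": {"prio": "unspecified", "tnVzBrCPName": c.name}}})
            if epg in c.providers:
                children.append({"fvRsProv": {"attributes": {"prio": "unspecified", "tnVzBrCPName": c.name}}})
        return {"fvAEPg": {"attributes": {"name": epg}, "children": children}}

    def whitelist(self):
        """Every (consumer, provider, protocol, port) the policy allows; useful for audit."""
        return sorted((s, p, f.protocol, f.port) for c in self.contracts.values()
                      for s in c.consumers for p in c.providers for f in c.filters)


def wpaas_policy():
    """The WPaaS application: EPGs admin (phpMyAdmin), db (MySQL), wp (WordPress),
    external EPGs MGMT and Outside, and the four contracts drawn on the slide."""
    t = TenantPolicy()
    t.contract("mysql", Filter("tcp", 3306))
    t.contract("ssh", Filter("tcp", 22))
    t.contract("phpmyadmin-http", Filter("tcp", 80))
    t.contract("wordpress-http", Filter("tcp", 8000))
    t.provide("db", "mysql")
    t.consume("admin", "mysql")
    t.consume("wp", "mysql")
    for epg in ("admin", "db", "wp"):
        t.provide(epg, "ssh")
    t.consume("MGMT", "ssh")
    t.provide("admin", "phpmyadmin-http")
    t.consume("MGMT", "phpmyadmin-http")
    t.provide("wp", "wordpress-http")
    t.consume("Outside", "wordpress-http")
    return t
```

Compare the two `deny` lines the WordPress-provide ACL needed with the evaluator: db and phpMyAdmin reaching WordPress on 8000 is not permitted simply because no contract says so, which is what the whitelist requirement asked for.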
ACI – Endpoint Attachment
(Diagram: Clients and MGMT enter the fabric as 802.1q tagged or untagged traffic; WordPress, phpMyAdmin and MySQL endpoints are bare metal or VMs on hypervisors with the AVS as VTEP or with no VTEP; the encapsulations VLAN 10, VLAN 47, VNID 8213 and VNID 5215 are normalised into EPGs)
• Static Path
• VMM Integration

ACI – Application Policy
"fvAp": {
  "attributes": {
    "descr": "",
    "dn": "uni\/tn-clanz16\/ap-WPaaS",
    "name": "WPaaS",
    "ownerKey": "",
    "ownerTag": "",
    "prio": "unspecified"
  },
  "children": [
    {
      "fvAEPg": {
        "attributes": {
          "descr": "",
          "isAttrBasedEPg": "no",
          "matchT": "AtleastOne",
          "name": "phpMyAdmin",
          "prio": "unspecified"
        },
        "children": [
          {
            "fvRsCons": {
              "attributes": {
                "prio": "unspecified",
                "tnVzBrCPName": "mysql"
              }
            }
          },
          {
            "fvRsDomAtt": {
              "attributes": {
                "encap": "unknown",
                "instrImedcy": "lazy",
                "resImedcy": "lazy",
                "tDn": "uni\/phys-ucs-fi-vmm"
              }
            }
          },
          …
ACI – I want this
(Diagram: BM Clients → WordPress VM; WordPress VM → mySQL VM; BM MGMT → phpMyAdmin VM; bare-metal and VM endpoints mixed)

ACI – Configure for this
(Same diagram: the fabric is configured from the policy rather than per device)

ACI – Success / Faults
ACI – Faults and Health
ACI – Visibility
ACI – Fault Investigation
ACI – Statistics (per EPG)

Putting it Together
(Diagram: the endpoint-attachment picture with the EPGs and contracts overlaid: Clients, MGMT, 802.1q / No Tag, BM and VM WordPress, MySQL and phpMyAdmin endpoints on hypervisors with and without the AVS VTEP, VLAN 10, VLAN 47, VNID 8213, VNID 5215)
Comparisons and Contrasts
• Similar use of underlying technologies
• Different hardware requirements
• Different target use cases

Open SDN Controller Use Case – Traffic Engineering

Cisco Open SDN Controller
(Diagram: CE1 – PE1 – P1 / P2 – PE2 – CE2, with the controller above the core)

OpenDaylight Platform
LEGEND
AAA: Authentication, Authorisation and Accounting
AuthN: Authentication
BGP: Border Gateway Protocol
COPS: Common Open Policy Service
DLUX: OpenDaylight User Experience
DDoS: Distributed Denial Of Service
DOCSIS: Data Over Cable Service Interface Specification
FRM: Forwarding Rules Manager
GBP: Group Based Policy
LISP: Locator/Identifier Separation Protocol
OVSDB: Open vSwitch DataBase Protocol
PCEP: Path Computation Element Communication Protocol
PCMM: Packet Cable MultiMedia
Plugin2OC: Plugin To OpenContrail
SDNI: SDN Interface (Cross-Controller Federation)
SFC: Service Function Chaining
SNBI: Secure Network Bootstrapping Infrastructure
SNMP: Simple Network Management Protocol
TTP: Table Type Patterns
VTN: Virtual Tenant Network

OpenDaylight releases
• Hydrogen – released February 2014
• Helium – released October 2014; 1.87 million+ lines of code; 28 projects; 256 contributors
• Lithium – June 2015 release planned

OpenDaylight “HELIUM” architecture
• Network Applications, Orchestrations and Services: VTN Coordinator, OpenStack Neutron, SDNI Wrapper, DDoS Protection, DLUX
• OpenDaylight APIs (REST) behind an AAA – AuthN Filter
• Controller Platform – Base Network Service Functions: Topology Manager, Stats Manager, Switch Manager, Host Tracker, FRM; services: OpenStack Service, GBP Service, DOCSIS Abstraction, SFC, AAA, VTN Manager, OVSDB Neutron, LISP Service, L2 Switch, SNBI Service, SDNI Aggregator, Plugin2OC
• Service Abstraction Layer (SAL): Plugin Manager, Capability Abstractions, Flow Programming, Inventory, etc.
• GBP Renderers
• Southbound Interfaces and Protocol Plugins: OpenFlow 1.0 / 1.3 / TTP, OVSDB, NETCONF, PCMM/COPS, SNBI, LISP, BGP, PCEP, SNMP, Plugin2OC
• Data Plane Elements: Open vSwitches, OpenFlow-enabled devices, additional virtual and physical devices (Virtual Switches, Physical Device Interfaces)

Cisco Open SDN Controller vs OpenDaylight Helium
• Helium-only (precluded from the Cisco distribution): OpenContrail Plug-in, Defense4all, Controller Basic Clustering, SNMP4SDN, Secure Network Bootstrap Infra, PacketCable PCMM Plug-in, Service Function Chaining, AD-SAL, SDNi
• Common content: DLUX, MD-SAL, LISP Flow Mapping, AAA, BGP-LS, Group Policy, L2 Switch, OVSDB, VTN Project, YANG Tools, PCEP, OpenFlow Plug-in
• Cisco value (incremental): Logs, Metrics, OVA Distribution, One-Click Install, Monitoring, Central Mgmt and Admin, Clustering, Developer Support
• Community Support (Helium) vs Cisco® Support (Open SDN Controller)

Cisco Open SDN Controller
• Network Applications: Application 1 … Application ‘n’ over REST APIs
• DLUX User Interface
• Base Network Service Functions: Topology Manager, Statistics Manager, Host Tracker, FRM, AAA, GBP, L2 Switch
• 3rd Party Network Service Functions: Network Service 1 … Network Service ‘n’
• Cisco Open SDN Controller Platform: Model Driven Service Abstraction Layer (Plugin Manager, Capacity Abstraction, Flow Programming, Inventory, etc)
• Southbound Interfaces: OpenFlow, OVSDB, NETCONF, BGPLS, PCEP
• Data Plane Elements: OpenFlow-enabled devices, Open vSwitches, Cisco and 3rd party virtual and physical devices

Carrier-Class User Experience
Centralized OA&M
• Robust user, application, and feature administration
• Status monitoring: system, database cluster, node
• Event logging
• Real-time CPU, memory, disk, heap size, load, and network utilisation metrics

Preinstalled Apps
• BGPLS Manager – Visualises network topology from BGP
• Inventory – Augmented OpenDaylight “nodes” app identifies all connected devices
• (YANG) Model Explorer – Exposes system models and previews JSON API body
• OpenFlow Manager – Manages, visualises, and troubleshoots flows + previews JSON API body
• PCEP Manager – Creates, modifies, and deletes MPLS LSPs

“One-Click” Install
• VMware ESXi and Oracle Virtual Box hypervisor ready

BGPLS Manager Application
Visualises network topology based on Border Gateway Protocol (BGP)

Inventory Manager
• Augmented OpenDaylight “nodes”
• Device vendor
• Platform IDs
• Serial numbers

OpenFlow Manager
• OpenFlow topology visualisation
• Flow management
• Flow-based troubleshooting
• JSON body preview

PCEP Manager
• Autocreate label-switched paths (LSPs)
• Manually create LSPs
• Delete LSPs
• Path based LSP creation

MPLS LSP Use Case
(Diagram: IS-IS routed IP / MPLS network CE1 – PE1 – P1 / P2 – PE2 – CE2; the OSC learns the topology via BGP-LS and programs paths via PCEP; the WAE drives the OSC over REST APIs)
BGP-LS = BGP Link State
PCEP = Path Computation Element Protocol

MPLS LSP Use Case – Congestion Aware
(Diagram: Cisco® Open SDN Controller with BGP-LS and PCEP towards the network and a REST API to the Cisco WAN Automation Engine; Data Centre #1 behind the DC edge router PE1, Data Centre #2 behind PE2, Data Centre #3 behind PE3, core routers P1 to P4; TE 1 carries 50 Mb and TE 2 carries 75 Mb; the controller places the two tunnels knowing which link is congested)
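The congestion-aware placement the use case describes, as an added example in Python that is not Open SDN Controller or WAE code: a constrained shortest path first (CSPF) over the link-state view a path computation element holds, with per-link reservations that placed LSPs consume. Node names follow the slide (PE1 to PE3, P1 to P4) and the demands TE 1 = 50 Mb and TE 2 = 75 Mb are the ones on the diagram; the link metrics and capacities are constructed so that the IGP-preferred path becomes the congested one.

```python
# Added example (not Open SDN Controller code): the congestion-aware path
# computation the use case above describes, as a constrained shortest path
# first (CSPF) over a small IP/MPLS core. Node names follow the slide (PE1-PE3,
# P1-P4); link metrics and capacities are constructed, and the two LSP demands
# TE 1 = 50 Mb and TE 2 = 75 Mb are taken from the diagram.
import heapq


class TeTopology:
    """Link-state view a PCE holds (learned via BGP-LS on the slide), with
    per-link bandwidth reservations that PCEP-signalled LSPs consume."""

    def __init__(self):
        self.adj = {}
        self.links = {}

    def add_link(self, a, b, metric, capacity):
        self.adj.setdefault(a, set()).add(b)
        self.adj.setdefault(b, set()).add(a)
        self.links[frozenset((a, b))] = {"metric": metric, "capacity": capacity, "reserved": 0}

    def available(self, a, b):
        link = self.links[frozenset((a, b))]
        return link["capacity"] - link["reserved"]

    def cspf(self, src, dst, demand):
        """Dijkstra over the IGP metric, pruning links that cannot carry `demand`.
        demand=0 yields the plain IGP shortest path, i.e. what a congestion-unaware
        head-end would pick. Returns the node list, or None if nothing fits."""
        dist, prev, heap = {src: 0}, {}, [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if d > dist[u]:
                continue
            if u == dst:
                break
            for v in sorted(self.adj[u]):
                if self.available(u, v) < demand:
                    continue
                nd = d + self.links[frozenset((u, v))]["metric"]
                if nd < dist.get(v, float("inf")):
                    dist[v], prev[v] = nd, u
                    heapq.heappush(heap, (nd, v))
        if dst not in dist:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1]

    def place_lsp(self, src, dst, demand):
        """Compute a path and reserve the bandwidth along it (what the controller
        does before signalling the LSP to the head-end over PCEP)."""
        path = self.cspf(src, dst, demand)
        if path is not None:
            for a, b in zip(path, path[1:]):
                self.links[frozenset((a, b))]["reserved"] += demand
        return path


def build_sample_topology():
    """Constructed core: every link carries 100 Mb; PE1-P1-P3 is the
    IGP-preferred way towards both Data Centre #2 (PE2) and #3 (PE3)."""
    t = TeTopology()
    for a, b, metric in [("PE1", "P1", 10), ("P1", "P3", 10), ("P3", "PE2", 10), ("P3", "PE3", 10),
                         ("PE1", "P2", 20), ("P2", "P4", 10), ("P4", "PE3", 10), ("P3", "P4", 10)]:
        t.add_link(a, b, metric, 100)
    return t


def run_use_case():
    """TE 1 (50 Mb to DC #2) is placed first and leaves PE1-P1 with 50 Mb; TE 2
    (75 Mb to DC #3) no longer fits there, so CSPF steers it via P2-P4."""
    t = build_sample_topology()
    igp_only = t.cspf("PE1", "PE3", 0)
    te1 = t.place_lsp("PE1", "PE2", 50)
    te2 = t.place_lsp("PE1", "PE3", 75)
    return {"igp_only_te2": igp_only, "te1": te1, "te2": te2, "pe1_p1_left": t.available("PE1", "P1")}
```

`igp_only_te2` is the path a plain IGP head-end would use for TE 2 and would overload PE1-P1 with 125 Mb; the CSPF result is the path a controller that sees link utilisation chooses instead.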
Where Have We Come
• Not all SDN controllers are created equal… nor are the SDN use cases
• No particular SDN controller is “best”
• There are more SDN controllers coming

Q & A

Complete Your Online Session Evaluation
Give us your feedback and receive a Cisco 2016 T-Shirt by completing the Overall Event Survey and 5 Session Evaluations.
– Directly from your mobile device on the Cisco Live Mobile App
– By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/ciscolivemelbourne2016/
– Visit any Cisco Live Internet Station located throughout the venue
T-Shirts can be collected Friday 11 March at Registration.
Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. www.CiscoLiveAPAC.com

Thank you